Hi! I have been making some great improvements with graylog. I am using grok extractors to get the data from Haproxy and Apache logs but my problem is that i am getting fields that are numbers (response times) as string so i can’t make some graph (for instance i want to create a graph of average response time). This is my grok pattern:
%{IPV4:clientip}:%{POSINT:clientport} [%{HAPROXYDATE:accept_date}] %{NOTSPACE:frontend_name} %{NOTSPACE:backend_name}/%{NOTSPACE:server_name} %{NUMBER:time_request}/%{NUMBER:time_queue}/%{NUMBER:time_backend_connect}/%{NUMBER:time_backend_response}/%{NOTSPACE:time_duration} %{NUMBER:http_status_code} %{NOTSPACE:bytes_read} %{DATA:captured_request_cookie} %{DATA:captured_response_cookie} %{NOTSPACE:termination_state} %{NUMBER:actconn}/%{NUMBER:feconn}/%{NUMBER:beconn}/%{NUMBER:srvconn}/%{NOTSPACE:retries} %{NUMBER:srv_queue}/%{NUMBER:backend_queue} {%{HAPROXYCAPTUREDREQUESTHEADERS}} “(|(%{WORD:http_verb} (%{URIPROTO:http_proto}://)?(?:%{USER:http_user}(?::[^@]*)?@)?(?:%{URIHOST:http_host})?(?:%{URIPATHPARAM:http_request})?( HTTP/%{NUMBER:http_version})?))?”
How can i convert created fields created by grok pattern extractors from string to number/int/long?
Edit: As far as i read i should create a new index via graylog, can i do this? Even more, can i create an index with fields that will be populated later with an extractor?
